Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the
license provided by that third-party licensor. Splunk is not responsible for any third-party
apps and does not provide any warranty or support. If you have any questions, complaints or
claims with respect to this app, please contact the licensor directly.

To install your download

For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

Citrix NetScaler with AppFlow

Overview

Details

The Splunk for Citrix NetScaler app is a set of field extractions, reports, lookups and dashboards which provide visibility into the Citrix NetScaler AppFlow, Application Firewall and VPN data. This app is configured to work with version 9.x of the Citrix NetScaler.

Support for this content

This app is not officially supported by Splunk Support. If you have a current Splunk Enterprise Support entitlement, Splunk will provide best-effort support for cases involving this app directly, but such cases will not be subject to the Splunk Enterprise Support SLA.

Description

The Splunk for Citrix NetScaler app is a set of field extractions, reports, lookups and dashboards which provide visibility into the Citrix NetScaler AppFlow, Application Firewall and VPN data. This app is configured to work with version 9.x of the Citrix NetScaler.

The Splunk App for NetScaler with AppFlow translates binary AppFlow data to time- stamped ASCII text, so Splunk can utilize it and put it in context of all other data in the environment such as custom application log data, logs and metrics data of application components such as web servers, application servers, databases, firewalls, hypervisors and more. With added visibility into NetScaler and Appflow data, systems administrators and application support professionals are able to get central visibility into their entire environment and are able to correctly identify performance bottlenecks that lead to user experience issues. In addition to being able to detect and troubleshoot application performance issues faster, administrators can also visualize baselines, trends and other analytics that can help them plan capacity and make transactions more efficient for a better customer experience.
Splunk’s powerful visualization provides real-time views and role-appropriate dashboards on the state of key application performance and availability metrics. The flexibility and universality of Splunk allows you to put your operational data in a business context to allow richer, more informed business decision making. It also allows you to integrate in non-IT data to provide value added analysis that support the organization’s business objectives.

Splunk App for NetScaler with AppFlow— Dashboards and Reports

The Splunk App for NetScaler with AppFlow contains over 30 reports for situational awareness and dashboards supporting key business and security performance indicators (KPIs). Key reports available include:

HTTP user agent: shows you which platforms are most commonly used to access your web application

Most requested URLs: allows you to prioritize your response time optimization

Source and destination IPs and ports: gives you real time insight into the origins of your traffic

Average transaction times and round trip response times: allows you to monitor end user service levels

Traffic analysis by applications/servers: includes analysis of latencies and bandwidth usage

System Audit dashboard: depicts system console events and tracking commands/changes by user.

Reports from Splunk can be downloaded in PDF or Excel format and data ranges are fully supported. Reports can also be scheduled for delivery to individuals as PDFs. The Splunk App for Citrix NetScaler supports core Splunk functionality such as the ability to drill-down into raw log data from graphical elements and robust role-based access control.

Getting Started

For this app to work your Citrix NetScaler data must be extracting fields correctly. The Field Extractions included in this app are configured for the NetScaler v 9.0 and higher.

Upgrading from versions prior to 5.0.x

On your Splunk server, remove the following:

$SPLUNK_HOME/etc/apps/Splunk_TA_NSIndexer

$SPLUNK_HOME/etc/apps/Splunk_TA_IPFIX_UDP_NIX (if applicable)

$SPLUNK_HOME/etc/apps/Splunk_TA_IPFIX_UDP_WIN (if applicable)

Follow the rest of the installation instructions below.

When uploading the installer file, make sure the "Upgrade app" is selected.

Release Notes

Version 5.0.0

Version 4.8

Feb. 8, 2013

For this app to work your Citrix NetScaler data must be extracting fields correctly. The Field Extractions included in this app are configured for the NetScaler v 9.

To configure the app please set the sourcetype of your NetScaler logs to ns_log. If your data has already been indexed under a different sourcetype you will need to create a sourcetype alias for ns_log

To install the app, unpack this file into $SPLUNK_HOME/etc/apps and restart.

The indexing portion of this app has been split from the main app. This is found in the /appserver/addons/NS_Indexer directory. Copy that into $SPLUNK_HOME/etc/apps on your indexer and restart

The configuration file (ipfix.conf) is located in the app's "default" directory, which is $SPLUNK_HOME/etc/apps/Splunk_TA_IPFIX_UDP/default/ipfix.conf . The appflow dashboards and reports rely on the sourcetype=appflow.

Version 4.6

Version 4.5

Version 4.4

Aug. 3, 2011

This release updates the NetScaler Overview dashboard and the AppFlow Security dashboard.

Version 4.3

Aug. 1, 2011

This version includes new dashboards under AppFlow menu and bug fixes.

*** NOTE: There is a bug in Paginator components of AppFlow dashboards. For example, it may show that you have 10 pages of result data, but actually, you have only 1 or 2 pages of the result data, while the rest of the pages are blank. Hopefully, the bug will be fixed by the next version of the app.

Licensing

Support

Splunk Certification Program

Splunk's App Certification program uses a specific set of criteria to evaluate the level of quality, usability and security your app offers to its users. In addition, we evaluate the documentation and support you offer to your app's users.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.